Vigil@nce: nfs-utils, corruption of mtab via RLIMIT_FSIZE
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use mount.nfs and the RLIMIT_FSIZE limit, in
order to corrupt the /etc/mtab file.
– Severity: 1/4
– Creation date: 22/04/2011
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The bulletin VIGILANCE-VUL-10460 (https://vigilance.fr/tree/1/10460)
describes a vulnerability in the addmntent() function of the glibc.
The nfs-utils suite implements its own nfs_addmntent() function,
which is impacted by the same vulnerability.
A local attacker can therefore use nfs-utils and the RLIMIT_FSIZE
limit, in order to corrupt the /etc/mtab file.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/nfs-utils-corruption-of-mtab-via-RLIMIT-FSIZE-10596